hi folks,

i'm one of the debian developers responsible for maintaining php4/php5, and by
extension, pear. I had some questions on #pear and was suggested that i post
them here, so here goes...

currently the pear package available in debian is generated from the phar
archive included by the php5 tarball. the problem with this is it makes it
very difficult for us to modify the source code inside the phar. so, when
security issues come out (such as CVE-2007-2519), it's very difficult for us
to provide a patch[1] for a previous release of pear.

so, i'm wondering if there's a better system that we can use to provide the
pear package, perhaps seperately from the php tarball. however, i don't see
any way to just get a plain old vanilla tarball of pear. assuming you guys
don't actually provide that, how feasible would it be for us to base a source
package off of a CVS tag? do you have your "turn CVS checkout into a phar
installer" in CVS as well? do you have any other suggestions?


[1] in this case it's probably not worth a patch to previous releases, but it
still brings the problem to light.

Search Discussions

Discussion Posts

Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 1 of 5 | next ›
Discussion Overview
grouppear-core @
postedAug 25, '07 at 10:52p
activeAug 28, '07 at 6:35a

2 users in discussion

Sean finney: 3 posts Gregory Beaver: 2 posts



site design / logo © 2022 Grokbase